Diffstat (limited to 'spec/features/security/group/private_access_spec.rb')
-rw-r--r-- | spec/features/security/group/private_access_spec.rb | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/spec/features/security/group/private_access_spec.rb b/spec/features/security/group/private_access_spec.rb
new file mode 100644
index 00000000000..0d01310b449
--- /dev/null
+++ b/spec/features/security/group/private_access_spec.rb
@@ -0,0 +1,104 @@
+require 'rails_helper'
+
+describe 'Private group access', feature: true do
+ include AccessMatchers
+ include GroupAccessHelper
+
+
+
+ describe 'GET /groups/:path' do
+ subject { group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/issues' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/merge_requests' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+
+ describe 'GET /groups/:path/group_members' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/edit' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+end |
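Review bot: The `merge_requests`, `group_members` and `edit` describe blocks all set `subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }`, so they re-run the issues-route checks and the authorization of the three routes named in their descriptions is never exercised. Each subject should use its own route helper, presumably `merge_requests_group_path`, `group_group_members_path` and `edit_group_path` (confirm the names against the routes file). Once the edit block targets the real route, its expectations need revisiting as well: `be_allowed_for group_member(:guest)` and `be_allowed_for project_group_member(:user)` on a group's edit page would normally describe an access-control failure rather than a passing case. As written, the spec gives false assurance that private-group access is covered for these endpoints.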